---
id: creating_service_account
title: Creating a project from a service account
sidebar_label: Create a project from a service account
---

:::important
You **only** need to create a service account manually for FireCMS Cloud projects, in case you don't want
to grant FireCMS admin permissions. In the app, you can create a new project or link existing projects
without the need to create a service account manually.
:::

One possible way to create a FireCMS Cloud project and link it to your **existing** Firebase/GCP project is by creating
a service account, assigning the necessary permissions, and assigning it to your project.

In order to do so please follow these steps:

- Go to the [Google Cloud Console](https://console.cloud.google.com/).

- Select the project you want to link to FireCMS.

- Go to the [Service accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) section.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/0_sa_menu.png').default}
    alt={"Service accounts menu"}/>

- Click on the `Create Service Account` button.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[800px]"}
    src={require('../../static/img/sa_creation/1_create_new.png').default}
    alt={"Create new service account"}/>

- Fill in the details for the service account. Name it `FireCMS`.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/3_name.png').default}
    alt={"Service account details"}/>

- Assign the following roles:
 - `Firebase Admin`
 - `Firebase Admin SDK Administrator Service Agent`
 - `Firebase Service Management Service Agent`

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/4_roles.png').default}
    alt={"Service account roles"}/>

- Optionally, define the users that can impersonate the service account.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/5_users.png').default}
    alt={"Service account users"}/>

- Now let's create the JSON key that will be uploaded to FireCMS Cloud.
Find the newly created Service account, and in the dropdown menu, click on `Manage keys`.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[800px]"}
    src={require('../../static/img/sa_creation/6_keys_menu.png').default}
    alt={"Service account keys"}/>

- Then create a new key.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/7_key_create.png').default}
    alt={"Create key"}/>

- And finally, download the JSON key.

<img
    loading="lazy"
    className={"ml-8 w-full rounded-lg mt-4 mb-8 max-w-[600px]"}
    src={require('../../static/img/sa_creation/8_json.png').default}
    alt={"Download JSON key"}/>

Now you can **upload this JSON key** to **FireCMS Cloud** and link it to your project.

:::important Security
A service account is a special type of Google account that allows non-human users to authenticate and authorize
Google Cloud Platform (GCP) services. It is important to keep the service account key secure, as it can be used to
access your GCP resources. FireCMS Cloud uses this service account to manage your project resources.
Your service account is securely encrypted using Google Cloud KMS.
Make sure to keep your service account key secure and do not share it with unauthorized users.
:::
